CVE-2016-4448 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2016-4448

CVE-2016-4448

June 09, 2016

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Related Resources (30)

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4448

http://www.openwall.com/lists/oss-security/2016/05/25/2

https://security-tracker.debian.org/tracker/CVE-2016-4448

http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

https://support.apple.com/HT206902

http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=1338700

https://support.apple.com/HT206899

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

http://www.securitytracker.com/id/1036348

https://access.redhat.com/security/cve/CVE-2016-4448

https://support.apple.com/HT206901

https://support.apple.com/HT206903

http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

https://support.apple.com/HT206905

http://www.securityfocus.com/bid/90856

http://xmlsoft.org/news.html

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

https://www.tenable.com/security/tns-2016-18

https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

https://support.apple.com/HT206904

https://access.redhat.com/errata/RHSA-2016:1292

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

Do you need more information?

CVSS v4

Base Score:

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

EPSS

Base Score:

1.20

Products

Solutions

Resources

Company

Compare

Developer Tools